Fundamentals for immediate implementation of a quantum secured Internet 
This work shows how a secure Internet for users A and B can be implemented through a fast key
distribution system that uses physical noise to encrypt information transmitted in deterministic 
form. Starting from a shared secret random sequence between them, long sequences of fresh random 
bits can be shared in a secure way and not involving a third party. The shared decrypted random 
bits -encrypted by noise at the source- are subsequently utilized for one-time-pad data encryption. 
The physical generated protection is not susceptible to advances in computation or mathematics. 
In particular, it does not depend on the difficulty of factoring numbers in primes. Also, there is 
no use of Linear Feed Back Shift Registers. The attacker has free access to the communication 
channels and may acquire an arbitrary number of copies of the transmitted signal without lowering
the security level. No intrusion detection method is needed. 
INTRODUCTION



Are there conditions to have a physical-noise secured
Internet (NSI) -instead of relying on the difficulty of
factoring numbers in primes- implemented for common
users? The answer is Yes; and the associated cost is 
very low - this paper shows how it can be immediately 
implemented. 

Let us start with the following classical scenario: User 
A (Alice) uses a (private) laptop with no network or web 
access to encrypt a message X onto a file C to be sent 
to end user B (Bob). The encryption is done with a one- 
time-pad key sequence of truly random bits stored in his 
computer. This random sequence was beforehand shared 
with B. File C is fully characterized and transferred to 
a computer with web access. From this point on file C 
is appended with all identification information, split into 
different packets -as demanded by the Internet protocol 
(IP) stack [1]- and routed through any available phys- 
ical link to the end user B . All modifications are done 
according to the requirements of the Open Systems Inter- 
connection (OSI) layers and protocols [2] including par- 
ticularities demanded by web service providers. Among 
these procedures error correction protocols are included. 
At the destination, file C is assembled bit-by-bit and de- 
livered to B. Stripped from communication information 
attached to it, B checks for file integrity and decrypts C
using the shared random sequence. The obtained mes- 
sage has unconditionally proven confidentiality and au- 
thentication. These procedures are independent of any 
established Internet security protocol. It is expected that 
Internet should not modify the bit content of the original 
file after its full recovery by B. In case A and B are performing
a commercial operation, non-repudiation is easily assured to both
users. The one-time-pad protocol is not intended to modify the
Internet protocols in any way. It is a complementary method for
secure communication between two users that works independently
and on top of all IP protocols. A and B have their secure
communication totally under their control. This way, the users
know that their protection does not rely on the mathematical
difficulty of factoring numbers in primes, nor do they depend on
third parties to assure the desired security.

The reader may be saying: But this is a classical en- 
cryption between two users and well known to be secure; 
there is nothing physical or new here. However, is this
scenario realistic if A and B wish to use it continuously?
The answer to this question has been negative:
The practical difficulties for A and B to keep sharing
long sequences of one-time-pad keys make this scenario
highly inefficient and, therefore, useless for most uses.
Practical systems have not yet been devised that allow 
A and B to use the starting secret K as a support to 
transfer or exchange fresh sequences of random numbers. 

This work shows a practical way that allows A and 
B to share through the Internet these new sequences of 
random keys in a secure way. This could bring life to 
the starting scenario. The basic ingredients needed are
very simple software, a physical random generator (not
a pseudo random generator) coupled to the private computer
and a starting secret key $K_0$ shared by A and B.
This starting sequence $K_0$ will seed a long sequence of
truly random bits. In a sense, it can be seen as a
one-time-pad booster: Starting from a shared seed $K_0$, A and
B end up sharing a sequence of $L$ ($\gg K_0$) random bits.
No third party is used to establish the key sequences to 
be used by A and B. No need for intrusion detection ex- 
ists. Furthermore, all of these elements allow immediate 
implementation - even commercial (truly) random gen- 
erators exist [3] for moderate speeds. 

One may also argue that some quantum protocols ex- 
ist that are proven secure as the well known single pho- 
ton protocol BB84 [4] to distribute random bit sequences 
and, therefore, what novelty is being offered? Single-photon
protocols cannot be amplified and therefore do
not work for the long-haul communications necessary for
the Internet. Furthermore, signals from single-photon
protocols cannot be converted from optical to electrical
and back to optical without loss of security. Nor are they
practical for wavelength multiplexing (WDM). These
steps are necessary for the Internet. Alternative systems 
such as those using discrete or continuous variable pro- 
cesses relying on homodyne measurements (e.g., [5]) are 
very sensitive to noise. This leads to low key rate transfer 
and, even more serious, they cannot work in the naturally 
disturbed and complex Internet networks. In this sense, 
direct quantum communication over the Internet is not 
realistic. 

On the other hand, some advantages of this NSI are: 
1) The protocol is established at the user level where 
the secure data/message is prepared. This message/data 
is deterministic and noiseless but carries, as it will be 
shown, truly random information that was generated by 
a physical process. The key distribution procedure uses 
the installed communication network but its protection 
depends on physical laws instead of mathematical com- 
plexities. 2) The data is prepared in any convenient form 
for the underlying OSI layers with no need for modifica- 
tion of the IP in use. A simple binary file can be prepared 
by A or B to be sent through the OSI stack. These characteristics
will not be dependent on security procedures
established at the OSI's "Presentation" layer. Normal 
data manipulation demanded by OSI protocols can be 
applied. The only and usually expected requirement is 
that the end user receives the data file as it was deliv- 
ered by the sender, bit-by-bit. This presupposes use of 
error correction protocols to guarantee perfect delivery of 
the ciphered message to the end user. The IP protocols 
in use are then left untouched; just a private protection 
layer is added by the users. This added layer, under user's 
control, presents no risk in the eventual creation of algo- 
rithms for fast factoring of numbers in primes. Also, even 
creation of a quantum computer or quantum processors 
does not decrease the physical protection tied to the sig- 
nals. There resides the special value of this system and 
its proposition as a secure layer for users that demand 
protection based on physical principles. 

The central problem is how to distribute over the Inter- 
net secure sequences of random bits Ri . This is the main 
puzzle with a solution presented in this work. Before 
discussing this fundamental problem and the proposed 
solution, one may state that if this is true, it is clear 
that ciphered messages based on one-time-pad could be 
sent over any physical channel with no need to further 
obscure the transmission for protection. The cipher mes- 
sage could even be made public because the protection 
is guaranteed by the one-time-pad method itself. As an- 
other consequence, no intrusion detection mechanism will 
be needed. 

Use of classical carriers to carry recorded quantum information
is a normal process that is often not perceived.
Scientific journals use this process constantly -although 
they do not require a special protection. Understanding 
quantum phenomena as sets of probable events or differ- 
ent possible quantum trajectories, the classical informa- 
tion obtained from instrumental clicks is nothing more 
than recording one amongst the many possible quantum 
trajectories. Repetition of the same measurement op- 
eration may lead to a very distinct result; that is to 
say, a record of another trajectory among the possible 
ones. The files to be sent over the Internet are to be 
obtained in samplings of single events (bits). The infor- 
mation protection desired relies on the multitude of pos- 
sible quantum trajectories that generates each single bit 
of the random sequence. This is completely different from 
using pseudo noise generated in a deterministic process
(hardware stream ciphers), whose generation mechanism 
can be searched, discovered and used by the attacker [6]. 
One may easily argue, for example, that phase fluctuations
on a laser output or in thermal radiation are not
quantum. Both can be represented by Gaussian random 
processes. Several definitions (e.g. Glauber's Positive 
P representation [7] or Mandel's Q parameter [8]) can 
be utilized to classify these fluctuations as Poissonian or 
super-Poissonian. Light in a coherent state will be at the 
boundary between the "classical" and "quantum" realms. 
Although the question if electromagnetic radiation can 
be classified as classical or quantum is probably a philo- 
sophical question, the importance of the uncontrollable 
or unpredictable physical fluctuation in both representa- 
tions is the important aspect to be utilized in this work. 
Sometimes the expression "quantum fluctuations" will 
be utilized by the author to express fluctuations asso- 
ciated with the light field. The reader may ignore the 
"quantum" adjective with no harm for ideas presented. 
A quantum calculation is often quite adequate to deal 
with light fluctuations and will be utilized. 

This work will discuss the physically built-in properties
of these secure files. It will also explain why
one-time-pad keys can be created and shared by A and B
through the Internet. This is basically about physics, 
not a discussion about software or deterministic (pseudo- 
random) stream cipher hardware. The security is intrin- 
sically connected with fluctuations of the light field. Be- 
fore discussing the information content in this process, 
the next Section will describe the basic standard distribution
protocol. After this description, it is explained how the 
recorded files carry the noise protection. 

THE DISTRIBUTION PROTOCOL 

The deterministic signals going through arbitrary communication
channels are encrypted by random signals obtained from optical
sources and are described by non-orthogonal M-ry bases.
Distribution of secure data [9, 10] and key distribution over
optical channels using M-ry bases have been discussed in recent
publications [11-13]. The security of the key distribution process
described here relies on a few points: 1) a secret starting key
sequence K shared by users A and B and 2) a bit-by-bit, Nature-made
noise uncertainty associated to each bit and recorded on
interleaved M-ry non-orthogonal bases.

In short, knowledge of K gives the legitimate users 
the first mapping of the bases generated by the emitter 
and allows B to recover each bit inscribed on every basis
used. Sequences of fresh random bits, in turn, will be
generated by a truly random process and sent one-by-one 
between users A and B. Subsequent privacy amplification 
procedures statistically exclude the eventually compro- 
mised fraction of shared bits. The batch of secure shared 
secret bits (distilled bits) will be used for one-time-pad 
encryption. The physical noise from the bit generator 
protects each bit from the attacker E (Eve) and provides 
the information security level associated with all Ri. 

The signals associated to the key sequences $R_i$ are created
by a physical random generator (PhRG). The noise
Ni associated with each bit Ri inscribed onto the M-ry 
nonorthogonal basis (M > 2) produces the uncertainty 
seen by the attacker. This implies that the emitter has to 
be equipped to detect and record the signals generated 
by the PhRG. In other words, the definition of the mea- 
suring system is made by the emitter, not the attacker. 
The signal sent is the signal controlled and measured by 
the emitter with a detection system of his choice. No 
restrictions are placed on the attacker to obtain the ex- 
changed signals on a public channel. Perfect copies of 
the transmission signals can be made public. Among 
the properties of the proposed system are: 1) Any pub- 
lic channel may be used for transmission (optical fibers, 
TV, microwave, and so on); 2) The deterministic signals 
can be amplified with no security loss; 3) Signals can 
be converted from electromagnetic to electrical and back 
to electromagnetic with no security loss; 4) Wavelength 
multiplexing is allowed on the network; 5) Current Net- 
work and IP protocols can be used with no modifications 
for users in any IP classes. 

Fig. 1 shows a block diagram for one cycle of the key 
distribution system. Just to describe the protocol and 
make contact with some of the available literature ([11]
to [13]) on M-ry cryptography, a description starting
with an M-ry system of levels uniformly distributed on
the phase circle will be presented. At the end, the M-ry
system will be simplified to M = 2 for a speed-up in the
communication process with no security loss.



The protocol 

A and B share a starting random key sequence
(#1) designated by K (#2) of length L (See Fig. 1).
These L bits are divided into blocks of size $k_M$,
$(b(k_M), b(k_{M-1}), \dots, b(k_1))$, and each block defines
randomly a basis $k_{0i}$ over a nonorthogonal set of bases. As
an example, a uniformly distributed set of bases can be
used, being described on a ciphering wheel (#3) [11] with
M bases, where $M = 2^{k_M}$.

$$k_{0i} = b(k_M)\,2^{k_M-1} + b(k_{M-1})\,2^{k_M-2} + \dots + b(k_1)\,2^{0} . \qquad (1)$$

FIG. 1: A sketch of one cycle of operations of the key distribution
process in the Noise Secured Internet is shown.

The phase values defining each basis are then given by 

1 - (-l) fc <" 



M 



fe 0i = 0,l,...M-l. (2) 



In these bases, a bit 1 will be inscribed displaced by $\pi$
with respect to bit 0 over each basis.

A PhRG (#5) generates random bits $R_{1i}$ (#6) that A
would like to transfer securely to B. These signals contain
noise $N_{1i}$ (#7) with a natural phase distribution
(e.g., noise inherent to coherent states) of width $\sigma_\phi$. $R_{1i}$
can be understood in phase units (rd): values 0 or $\pi$ for
bits 0 and 1. For mesoscopic coherent states this noise
is approximately Gaussian distributed with width $\sigma_\phi$
(set such that $\sigma_\phi < \pi/2$). The signal to be sent over
the generic Internet communication channel (#8) (network
and servers) is $Y_1 = R_{1i} + N_{1i} + k_{0i}$. The combined
effect of $N_{1i} + k_{0i}$ is to hide the bit value $R_{1i}$ on the
ciphering wheel (#9). Although containing random information,
$Y_1$ is a deterministic signal and as such can
be amplified and converted into different signals through
arbitrary Internet nodes without any loss of security.

B has to extract $R_{1i}$ from $Y_1$. To this end he utilizes
the same sequences from $K_0$ utilized by A to generate
the base values $k_{0i}$ (#4). He subtracts this value from
$Y_1$ and obtains $R_{1i} + N_{1i}$ (#10) and obtains signals in
binary bases (single $k_j$ value). The effect of the noise $N_{1i}$
on B's binary basis is negligible because $\sigma_\phi < \pi/2$ and his
decision on the bit value is easy; therefore, he obtains $R_{1i}$
(#6). From the received sequence $R_1$ he forms bit blocks
of length $k_M$ and constructs a new base sequence $k_{1i}$.
The next steps are similar to the first ones. Bob's PhRG
(#12) generates signals containing bits $R_{2i}$ (#13) associated
to noise $N_{2i}$ (#14). The signal $Y_2 = R_{2i} + N_{2i} + k_{1i}$ is
sent over the communication channel (#8). The bit value
$R_{2i}$ is hidden by the overall noise $N_{2i} + k_{1i}$ (#15). From
her knowledge of $R_{1i}$ (#6) and, therefore, $k_{1i}$ (#14), Alice
subtracts $k_{1i}$ from $Y_2$ and obtains $R_{2i} + N_{2i}$ (#16).
On her binary basis she easily obtains $R_{2i}$ (#13). The
first cycle is complete. A and B continue to exchange
random sequences as in the first cycle. The shared sequences
$(R_{1i}, \dots, R_{2i}, \dots)$, after privacy amplification, are
the random bits to be subsequently utilized for one-time-pad
cipher.

Note that while for noiseless signals $Y_1 = b$ and $Y_2 = b$
carrying a repeated bit $b$, one has $Y_1 \oplus Y_2 = 0$, noisy
signals give $Y_1 = b + N_1$ and $Y_2 = b + N_2$ and, therefore,
$Y_1 \oplus Y_2 = N_1 + N_2$ (= 0 or 1). This frustrates
correlation attacks and algebraic attacks constituted of
addition-mod2 between bits. These attacks are efficient
against pseudo random encrypted signals in a noiseless
carrier.



THE PHYSICAL RANDOM GENERATOR 

The random generator is the principal equipment 
needed to implement NSI for users A and B. After a brief 
description of a possible random generator, its physical 
aspects will be discussed. For secure transmission of sig- 
nals physical randomness is necessary because no known 
mathematical algorithm has been proven to generate true 
random numbers. Several physical sources may be used 
to this end such as optical or thermal sources. Optical 
sources can be much faster than the thermal ones and 
are therefore necessary when speed is required. It is important
to say that commercial truly random generators
already exist for moderate speeds [3], which makes immediate
NSI implementations possible. Fig. 2 shows a
sketch of a PhRG with a coherent light source module.
While several design variations are possible, the PhRG 
shown can achieve fast speeds compatible with optical 
channels. The laser beam is divided by a beam splitter 
BS. The upper part shows a detecting system where sig- 
nals Vi are generated corresponding to the sign of the 
generated signal with respect to the average signal intensity.
These binary signals are converted into binary
voltages Vr = ±V^r that constitute fresh random bits to 
be shared by A and B. The bottom part shows an interferometer
with an optical phase modulator ($\phi$ mod) in
one of the arms. Added voltages Vk + Vr are applied
to the phase modulator. This way bits are created in
randomly chosen non-orthogonal bases. Detectors at the
interferometer output produce the phase signals carrying
basis, bit and noise information shown in Figure 1 as Yj.
These values are automatically recorded and carry analog
information that may be transmitted in binary form.

FIG. 2: Sketch of PhRG with a coherent light source. This
module can work internally or externally to a computer. The
laser beam is divided by a beam splitter BS. The upper part
shows a detecting system where signals Vi are generated corresponding
to the sign of the generated signal with respect to
the average signal intensity. The laser beam is adjusted to an
adequate intensity by a neutral density filter (or automatized
filter). Voltage values Vk defining M-ry phase bases (e.g.,
M = 2) are added to Vr and applied to the phase modulator.

The phase uncertainty is approximately given (see Refs.
[11] and [12]) by the Gaussian distribution



Pu 



-(A0) 2 /2<tJ 



(3) 



where $\sigma_\phi = \sqrt{2/\langle n\rangle}$ and $\langle n\rangle$ is the average number of
photons in one bit. Availability of PhRG modules in
public places like a cybercafe may be convenient and less 
costly for many users. They may generate and record on 
portable memories a batch of secure keys or use them to 
exchange one-time-pad ciphered information. 



SIMPLIFIED BASES 

Use of a non-uniform set of bases leads to a more economical
system: instead of the uniformly spaced circle of
phases given by Eq. (2) one may use just a sector of phase
values where the number of bases is just M = 2. See Fig.
3. $\Delta\phi_1$ is the space between two bases and should be kept
$\Delta\phi_1 \ll \pi/2$. $\langle n\rangle$ is adjusted so that $\pi/2 > \sigma_\phi \gg \Delta\phi_1$.
Two states or bits can be inscribed on each basis. While
only two possible states are to be written on the same basis
(binary states), one should recall that the noise added
may require other angle positions (going to a continuum
as necessary) to be experimentally recorded as well. A
simple procedure could be placing the recorded signal
(representing bit, basis and noise) always equal to the
nearest phase position. This way, just the phase values
shown on Fig. 3 will be needed.

FIG. 3: A ciphering set of bases in a phase sector with M = 2.
$\sigma_\phi$ is the standard deviation in the phase caused by fluctuations
in the light field. $\Delta\phi_1$ is the spacing between two bases
and should be kept $\Delta\phi_1 \ll \pi/2$. $\langle n\rangle$ is adjusted so that
$\pi/2 > \sigma_\phi \gg \Delta\phi_1$. Two states or bits can be inscribed on
each basis. Dark circles indicate positions for a bit 0 and
open circles give possible positions for a bit 1.

Phase positions in the $s^{\mathrm{th}}$ sequence of random bits on
this M = 2 sector are given by

i gives the $i^{\mathrm{th}}$ term in the s-sequence of length L. The
first random sequence $R_{0,i}$ is the shared sequence $K_0$.

LIGHT SIGNALS AND INFORMATION 

Signals to be generated by the PhRG are phase modulated
coherent signals. A specific $\phi_k$ modulation will be
described by 



|ae*}= e -H 2 / 2 ]T- 

n=0 



|n) 



(5) 



Assume positive $\alpha = |\alpha|$. On the M = 2 sector
shown in Fig. 3 the phase modulation angles are $\phi_k =
(0, \Delta\phi_1, \pi, \pi+\Delta\phi_1)$. Each one of these values is randomly
determined by $R_i$ according to Eq. 4. Statistically, the allowed values
are equally distributed with 1/4 probability for each
of the angles. It is easy to describe the desired properties
utilizing a quantum formalism. The density matrix
$\rho$ describing these possibilities is

$$|\alpha e^{i\pi}\rangle\langle\alpha e^{i\pi}| + |\alpha e^{i(\pi+\Delta\phi_1)}\rangle\langle\alpha e^{i(\pi+\Delta\phi_1)}|\,\big) . \qquad (6)$$



From now on the notation $|\phi_i\rangle = (|0\rangle, |\Delta\phi_1\rangle, |\pi\rangle, |\pi +
\Delta\phi_1\rangle)$ will be used for the modulated coherent states.
As the interest is on small angular separation $\Delta\phi_1$, one
may write the matrix elements of $\rho$ up to the first order
$O(\Delta\phi_1)$:
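$$\langle\phi_i|\rho|\phi_k\rangle =
\begin{pmatrix}
1 & \rho_{0,\Delta\phi_1} & \rho_{0,\pi} & \rho_{0,\pi+\Delta\phi_1} \\
\rho_{\Delta\phi_1,0} & 1 & \rho_{\Delta\phi_1,\pi} & \rho_{\Delta\phi_1,\pi+\Delta\phi_1} \\
\rho_{\pi,0} & \rho_{\pi,\Delta\phi_1} & 1 & \rho_{\pi,\pi+\Delta\phi_1} \\
\rho_{\pi+\Delta\phi_1,0} & \rho_{\pi+\Delta\phi_1,\Delta\phi_1} & \rho_{\pi+\Delta\phi_1,\pi} & 1
\end{pmatrix} \qquad (7)$$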



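where

$$\rho_{0,\Delta\phi_1} = \rho_{\pi,\pi+\Delta\phi_1} = \left(1 + i|\alpha|^2 \Delta\phi_1 \tanh(2|\alpha|^2)\right) ,$$
$$\rho_{\Delta\phi_1,0} = \rho_{\pi+\Delta\phi_1,\pi} = \left(1 - i|\alpha|^2 \Delta\phi_1 \tanh(2|\alpha|^2)\right) , \qquad (8)$$

and all other terms ($i \neq k$) are equal to $\rho_{ik} = \mathrm{sech}(2|\alpha|^2)$.
Diagonalization of $\langle\phi_i|\rho|\phi_k\rangle$ gives the eigenvalues $\lambda_i$ and
orthonormal eigenstates (up to order $\Delta\phi_1$):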



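$\lambda_1 = 0$, (9)

$|\Psi_1\rangle$ = 1 [e*" |0) - \A<j>i) - e«° |tt) + |tt + A^»]

$\lambda_2 = \mathrm{sech}(2|\alpha|^2)\sinh^2(|\alpha|^2)$, (10)

$|\Psi_2\rangle$ = 1 [-e 1 ^ |0) - |A0O + \n) + \n + A&»]

$\lambda_3 = 0$, (11)

$|\Psi_3\rangle$ = 1 [-e^ |0) + | A0i) - |tt) + |tt + A^))]

$\lambda_4 = \tfrac{1}{2}\left(1 + \mathrm{sech}(2|\alpha|^2)\right)$, (12)

$|\Psi_4\rangle$ = 1 [ e ^|O) + |A^ 1 )+ e ^|7r) + |^ + A0 1 ))] ,

where

$\lambda_2 + \lambda_4 = 1$, AA = 2^2(1 -e-<">),
$\phi_c = \arctan\left[\langle n\rangle \Delta\phi_1 \coth\langle n\rangle\right]$ and
$\phi_t = \arctan\left[\langle n\rangle \Delta\phi_1 \tanh\langle n\rangle\right]$. (13)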

The eigenvalues give the probability of occurrence of the
states $|\Psi_i\rangle$. Due to the non-orthogonality of the bases
used, a modulated state $|\phi_i\rangle$ has projections on all
eigenstates $|\Psi_i\rangle$.



Von Neumann and Shannon entropies 

Statistically, the Von Neumann entropy $H(\alpha)$ associated
with the random bits is given by the eigenvalues of $\rho$:

$$H(\alpha) = -\lambda_2 \log_2 \lambda_2 - \lambda_4 \log_2 \lambda_4 \qquad (14)$$

FIG. 4: Von Neumann entropy showing the fast transition
from the quantum regime to the classical bit regime. $|\alpha| =
\sqrt{\langle n\rangle}$, where $\langle n\rangle$ is the average number of photons per bit
signal.

Fig. 4 shows $H(\alpha)$ as a function of the coherent amplitude
$|\alpha|$. It is interesting to see that for very small amplitude
$|\alpha|$ (or small number of photons $|\alpha|^2 = \langle n\rangle < 1$)
the signal carries less than one bit of information. Four
states can be used and two of them describe the same
bit (two bits in the same basis). As the probability to
send one of the states is 1/4, the probability to have one
of the two bits sent is 2 x 1/4. Consistently, this gives the
maximum Shannon entropy (as the classical limit of Von
Neumann's entropy) $H_s = 2 \times (1/2)\log_2(1/(1/2)) = 1$.



Phase distribution 

The experimental determination of phase in the quan- 
tum regime has been subject of intense study and contro- 
versies -for a short review, see [8] . Mesoscopic and classi- 
cal states are established with less controversy. Ref. [14] 
introduced simple definitions for phase state and phase 
distributions that have been frequently used. They will 
be adopted here. Thus, in terms of number state bases, 
the definition of phase state will be 

$$|\phi\rangle = \frac{1}{\sqrt{q+1}} \sum_{n} e^{in\phi} |n\rangle , \qquad (15)$$

where q is the number of states taken on a truncated 
space of the oscillator Hilbert space [14]. It leads to 
a classical phase state for large q and it is quite ade- 
quate for numerical calculations. Introduce a discrete, 
orthonormal and complete set of these states 

$$\phi_{dm} = \frac{2\pi m}{q+1} \quad (m = 0, 1, \dots, q), \qquad (16)$$

defined up to an arbitrary fixed reference phase value
(The index d is just to identify the discrete character of
this phase). Thus, $\langle\phi_{dk}|\phi_{dl}\rangle = \delta_{kl}$. A phase operator is
defined by

$$\hat{\phi} = \sum_{m=0}^{q} \phi_{dm} |\phi_{dm}\rangle\langle\phi_{dm}| . \qquad (17)$$

FIG. 5: Phase distribution for $\langle n\rangle = 25$ as a function of $\Delta\phi_1$
values. For large values of $\Delta\phi_1$ the decision over $\pi$ or $\pi + \Delta\phi_1$
is easily made. For small $\Delta\phi_1$ the two distributions merge
together. $q = 300$ was used to truncate Eq. (19). Horizontal axis: $\phi$ (rd).
n=0 

Given a density operator $\rho$, the phase distribution $p(\phi)$
is obtained as

$$p(\phi_{dm}) = \langle\phi_{dm}|\rho|\phi_{dm}\rangle , \qquad (18)$$

with normalization $\sum_{m=0}^{q} p(\phi_{dm}) = 1$. From the density
matrix, Eq. (6), the phase distribution (18) for all
possible realizations of the phase assignments can be calculated.
It gives




where $\phi_i = (0, \Delta\phi_1, \pi, \pi + \Delta\phi_1)$ and m is the phase
index introduced in Eq. (16). Fig. 5 shows probabilities
for occurrences of phases assigned by the sender.
Fig. 5 illustrates phase distributions for a set of $\Delta\phi_1$
and $\langle n\rangle = 25$. Large $\Delta\phi_1$ values imply that recognition
by the attacker of the basis used by the user is easy and
leads to bit recovery. On the other hand, for small $\Delta\phi_1$
the linewidth well exceeds it.

A phase recorded by the sender is sent to the end user
and assumed recorded by the attacker as well. Recovering
the bit sent is the aim of both the end user and the
attacker. To the end user, bit recovery is easy because
it is just a decision between angle ranges $(-\pi/2, \pi/2)$ or
$(\pi/2, 3\pi/2)$. The attacker, not knowing the basis
used, has to decide between a phase value or the neighbor
phase, distant from it by $\Delta\phi_1$.
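
One cycle of Fig. 1 on the M = 2 sector, simulated with the decision rules just described (an added example, not code from the paper). Assumptions: basis 1 is interleaved at $\pi + \Delta\phi_1$ so that the four angles are $(0, \Delta\phi_1, \pi, \pi + \Delta\phi_1)$, a seeded PRNG stands in for the PhRG so the run is reproducible, and all function names are hypothetical.

```python
import math
import random

SIGMA_PHI = math.sqrt(2 / 25)  # sigma_phi = sqrt(2/<n>), <n> = 25 photons per bit


def basis_phase(k, dphi):
    # ASSUMPTION: interleaved bases. Basis 1 sits at dphi with its bits
    # flipped by pi, which yields the angles (0, dphi, pi, pi + dphi).
    return 0.0 if k == 0 else math.pi + dphi


def wrap(x):
    """Fold an angle into [-pi/2, 3*pi/2), the window used for bit decisions."""
    return (x + math.pi / 2) % (2 * math.pi) - math.pi / 2


def encode(bits, bases, sigma, dphi, rng):
    """Emitter record: Y_i = R_i (0 or pi) + N_i (Gaussian) + basis phase."""
    return [r * math.pi + rng.gauss(0.0, sigma) + basis_phase(k, dphi)
            for r, k in zip(bits, bases)]


def decode(signal, bases, dphi):
    """Receiver who knows the bases: subtract them, then decide by half-plane."""
    return [0 if wrap(y - basis_phase(k, dphi)) < math.pi / 2 else 1
            for y, k in zip(signal, bases)]


def observer_nearest_phase(signal, dphi):
    """Observer without the bases: take the bit of the nearest sector position."""
    positions = [(0.0, 0), (dphi, 1), (math.pi, 1), (math.pi + dphi, 0)]
    return [min(positions,
                key=lambda p: abs(math.remainder(y - p[0], 2 * math.pi)))[1]
            for y in signal]


def error_rate(sent, guessed):
    return sum(a != b for a, b in zip(sent, guessed)) / len(sent)


def run_cycle(n_bits, dphi, sigma=SIGMA_PHI, seed=1):
    """One A->B, B->A cycle; returns the bit error rate seen by each party."""
    rng = random.Random(seed)  # stand-in for the physical random generator

    def fresh_bits():
        return [rng.getrandbits(1) for _ in range(n_bits)]

    k0 = fresh_bits()                        # shared starting key: one bit per basis (M = 2)
    r1 = fresh_bits()                        # Alice's fresh bits R_1
    y1 = encode(r1, k0, sigma, dphi, rng)    # Y_1 on the public channel
    r1_bob = decode(y1, k0, dphi)            # Bob removes k_0i

    r2 = fresh_bits()                        # Bob's fresh bits R_2
    y2 = encode(r2, r1_bob, sigma, dphi, rng)  # bases k_1i come from R_1
    r2_alice = decode(y2, r1, dphi)          # Alice removes k_1i

    observed = observer_nearest_phase(y1 + y2, dphi)
    return {
        "bob_error": error_rate(r1, r1_bob),
        "alice_error": error_rate(r2, r2_alice),
        "observer_error": error_rate(r1 + r2, observed),
    }


if __name__ == "__main__":
    # Small spacing (sigma_phi >> dphi) versus a spacing larger than the noise.
    for dphi in (0.02, 1.0):
        print(dphi, run_cycle(5000, dphi))
```

The observer here applies only a nearest-phase decision to single records; the two runs show how its error rate depends on $\Delta\phi_1$ relative to $\sigma_\phi$, while the legitimate decoding is unaffected by the spacing.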
FIG. 6: Signal-to-noise ratio for phase angle as a function of
the separation angle $\Delta\phi_1$ for two values of $\langle n\rangle$, 25 and 400.



Signal-to-noise ratio for phase measurements 

A measure of the attacker's ability to recover a phase
$\phi_i$ sent is given by the fundamental signal-to-noise ratio
expressed by



(<t>i\<f>\<Pi 



SNRj,. = - 

The phase expected value $\langle\phi\rangle$ and $\langle\phi^2\rangle$ are given by



(20) 



i\4\4>i) = 4 ^dmP^dm)^ , 



m=0 



and 



h\&\<k) 



= 4 J2 $i m P{ 



(21) 



(22) 



$p(\phi_{dm})_{\phi_i}$ is the $\phi_i$ contribution to $p(\phi_{dm})$. The attacker,
E, cannot succeed for $\mathrm{SNR}_{\phi_i} < 1$. It should be emphasized
that the attacker does not have the capability to
perform measurements on the PhRG output. She obtains
single records sent by the user. Not even an ensemble of
data for each bit is sent by the user. A single recording
of a single measurement performed by the user's instruments
is the only data available to the attacker. Fig.
6 shows the signal-to-noise ratio $\mathrm{SNR}_{\phi_i}$ for $\langle n\rangle = 25$
and $\langle n\rangle = 400$ as a function of $\Delta\phi_1$. It is seen that for a
given $\langle n\rangle$ a small range of $\Delta\phi_1$ values satisfy $\mathrm{SNR}_{\phi_i} < 1$.
Within this range, the attacker cannot succeed to obtain
the correct bit values (or corresponding phase values).
His probability of error by guessing over the recorded
data will be 1/2.



ATTACKS 

One may wonder about the cost of a brute force attack
to determine the starting key $K_0$ from the transmitted
signals. Under the assumption that the uncertainty
presented to the attacker covers some of the bases, the
attacker would know that the basis $k_i$ used in a given
transmission is around a given region within the uncertainty
$N_\sigma$.

For the M-ry system of uniformly spaced bases this
means that only a set of less relevant bits $b_k$ hides the
correct basis. These $b_k$ bits could be permuted in $b_k!$
ways. As each bit could be either 0 or 1 the total number
of permutations to be searched for each bit emission
would be $(\log_2 N_\sigma)!\,N_\sigma$. For the total number of bits the
number of combinations would be

$$C = 2^{K_0} (\log_2 N_\sigma)!\, N_\sigma \qquad (23)$$

Under this example of a uniform ciphering wheel exemplified
by Eq. (2), it is understood that the attacker may
know the fraction $1 - (N_\sigma/M)$ of the total number of
shared bits $k_M$ used by A and B to cipher a freshly generated
bit. For a sequence of L shared bits, Eve may
obtain $L[1 - (N_\sigma/M)]$ bits among L because they were
not covered by noise. An attack on the key cannot succeed
for simple reasons: $K_0$ can be chosen with a
size that makes direct search computationally unfeasible
(exponential complexity in $K_0$). After exchange of each
random sequence $R_i$, equally long as $K_0$, privacy amplification
procedures will be applied, leading to a shorter
random sequence for one-time-pad. One should stress that
in this key distribution procedure the starting key $K_0$ is
never to be open to the attacker. This eliminates any
possibility for E to explore correlations between $K_0$ and
the distilled keys after privacy amplification. In fact, $K_0$
can be destroyed after being used. Therefore, applying
key-search trials for ciphertext decryption on a known-plaintext
attack is doomed due to the attacker's computational
capability.

For the M = 2 system all neighbouring levels are covered
by noise ($N_\sigma > 2$). For this case, the same $C \sim 2^{K_0}$
makes unfeasible a brute force attack.



CONCLUSIONS 

It has been shown that Internet users will succeed in 
generating and sharing, in a fast way, a large number of 
secret keys to be used in one-time-pad encryption. They 
have to start from a shared secret sequence of random 
bits and have a "hardware" module (Physical Random
Generator-PhRG) added to their computers. The 
physical noise level is adjusted to hide the random bits 
being sent. Although the transmitted signals could be 
openly accessed, physical noise inherent to these signals 
provides the protection. No intrusion detection method
is necessary. Privacy amplification protocols (dependent
on the M-ry system used) eliminate any fraction of
information that may have eventually been obtained by the
attackers. As the security is not based on protocols
supported by mathematical complexities in current
use, the security is not dependent on the difficulties of 
factoring large numbers in their primes. It was then 
shown that by sharing secure secret key sequences and 
subsequent data encryption a secure Internet can be 
practically implemented. The system can be easily 
adjusted to follow any computational advance while 
providing security. The random generator works at 
optical speeds and the system does not require special 
Internet communication protocols. Any network in 
current use is adequate for this kind of operation. This 
system is proposed as a possible new paradigm for a 
secure Internet. 

*E-mail: GeraldoABarbosa@hotmail.com 